Description
NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter.
Published: 2026-04-27
Score: 9.4 Critical
EPSS: < 1% Very Low
KEV: No
Impact: SQL Injection that can compromise the database
Action: Immediate Patch
AI Analysis

Impact

NASA’s Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 contains a flaw that allows an attacker to inject arbitrary SQL code through the category parameter. This weakness permits unauthorized manipulation or extraction of data stored in the database, potentially revealing sensitive information or allowing tampering with records.

Affected Systems

The affected product is NASA Earth Observing System Data and Information System (EOSDIS) MODAPS, version 8.1. No other vendors or versions are identified.

Risk and Exploitability

The CVSS score of 9.4 indicates critical severity, the EPSS score is <1%, and the vulnerability is not listed in the CISA KEV catalog. The presence of a direct SQL injection path through a user‑controllable parameter suggests that an attacker who can send crafted requests to the application could trigger the flaw. Successful exploitation would expose or alter data within the MODAPS database, and if the database contains privileged information, the impact could be significant. The attack vector is inferred to be external, via HTTP requests to the web interface that processes the category parameter.

Generated by OpenCVE AI on April 28, 2026 at 23:32 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply any available vendor patch or newer version of MODAPS that addresses the SQL injection flaw.
  • Implement proper input validation and use parameterized queries for the category parameter to eliminate direct SQL execution.
  • Deploy a web‑application firewall (WAF) or intrusion detection system to detect and block SQL injection attempts.

Advisories

No advisories yet.

History

Wed, 29 Apr 2026 00:00:00 +0000

Type Values Removed Values Added
Title SQL Injection in MODAPS Category Parameter

Tue, 28 Apr 2026 14:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1 {'score': 9.4, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:L'}
ssvc {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 28 Apr 2026 13:45:00 +0000

Type Values Removed Values Added
Title SQL Injection in MODAPS Category Parameter
Weaknesses CWE-89

Tue, 28 Apr 2026 09:45:00 +0000

Type Values Removed Values Added
First Time appeared Nasa
Nasa modaps
Vendors & Products Nasa
Nasa modaps

Mon, 27 Apr 2026 21:15:00 +0000

Type Values Removed Values Added
Description NASA Earth Observing System Data and Information System (EOSDIS) MODAPS v8.1 was discovered to contain a SQL injection vulnerability in the category parameter
References

MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2026-04-28T13:48:09.655Z

Reserved: 2024-09-11T00:00:00.000Z

Link: CVE-2024-46636

Vulnrichment

Updated: 2026-04-28T13:44:25.819Z

NVD

Status: Awaiting Analysis

Published: 2026-04-27T21:16:21.320

Modified: 2026-04-28T20:12:42.653

Link: CVE-2024-46636

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-28T23:45:16Z

Weaknesses